Want CNET to notify you of price drops and the latest stories?

Microsoft promises fix for IE security flaw in next few days

The software giant says it has seen only a few attempts to exploit the weakness, which affects users of Internet Explorer versions 6 through 9.

Steven Musil Night Editor / News
Steven Musil is the night news editor at CNET News. He's been hooked on tech since learning BASIC in the late '70s. When not cleaning up after his daughter and son, Steven can be found pedaling around the San Francisco Bay Area. Before joining CNET in 2000, Steven spent 10 years at various Bay Area newspapers.
Expertise I have more than 30 years' experience in journalism in the heart of the Silicon Valley.
Steven Musil

Microsoft said today it will issue a fix soon for a security flaw that affects users of Internet Explorer versions 6 through 9.

Uncovered this past weekend, the security hole could compromise the PCs of IE users who surf to a malicious Web site. The flaw is being actively exploited to deliver a back-door trojan known as "Poison Ivy."

The software giant said in a security advisory this afternoon that a solution to the flaw would be released in the next few days.

"While we have only seen a few attempts to exploit the issue, impacting an extremely limited number of people, we are taking this proactive step to help ensure Internet Explorer customers are protected and able to safely browse online," Yunsun Wee, the director of Microsoft's Trustworthy Computing initiative, said in the post.

Microsoft said the fix would be an "easy-to-use, one-click, full-strength solution" that any IE user could install, promising "it will provide full protection against this issue until an update is available."

While it works on a fix for the flaw, Microsoft issued a security advisory offering several recommendations to help IE users avoid being victims of the zero-day exploit. In addition to running updated antivirus and antispyware software and using a firewall, Microsoft suggests installing its Enhanced Mitigation Experience Toolkit, which tries to ward off attacks on software holes by putting up a wall of security obstacles that the malware writers must circumvent.